lpa du morvan wrote:
> Hi
>
> FAQ #21 says:
> <<Nov 25 18:58:52 linux kernel:
> Shorewall:net2all:DROP:IN=eth1 OUT=
> MAC=00:60:1d:f0:a6:f9:00:60:1d:f6:35:50:08:00 SRC=206.124.146.179
> DST=192.0.2.3 LEN=56 TOS=0x00 PREC=0x00 TTL=110 ID=18558 PROTO=ICMP
> TYPE=3 CODE=3 [SRC=192.0.2.3 DST=172.16.1.10 LEN=128 TOS=0x00
> PREC=0x00
> TTL=47 ID=0 DF PROTO=UDP SPT=53 DPT=2857 LEN=108 ]
> Unfortunately, where
> NAT is involved (including SNAT, DNAT and Masquerade), there are a lot of
> broken implementations
>
> Why does Shorewall break my IPsec tunnel?
>
> I have tried deactivating masquerade (on both sides) but always:
>
> wan2all:DROP:IN=eth5 OUT= SRC=192.168.2.3 DST=192.168.2.1
>
> I have established an IPsec tunnel between two fc6+shorewall+ipsec; always the
> same error:
>
> wan2all:DROP:IN=eth5 OUT= SRC=192.168.2.3 DST=192.168.2.1 (but now on
> both sides!)

Did you disable policy match or change your configuration to use the
method at http://www.shorewall.net/IPSEC-2.6.html? You must do one or
the other.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
